The monthly Exploit Prevention Content states that an IPS Signature has been deprecated (removed), yet the IPS Signature number still exists in the IPS Rules policy
Signatures menu on the ePolicy Orchestrator server. The deprecated Signatures do not display in the
McAfee Default IPS Rules policy.
Example:
Exploit Prevention Content 8381 - May 2018
Signature 6079 has been deprecated and replaced.
https://www.mcafee.com/us/content-release-notes/exploit-prevention/index.aspx
Signature 6079: Suspicious LSASS Access Detected
Description:
- The Signature has been deprecated from the content as it is more
generic and false prone.
Note: This Signature functionality has been replaced by the below Signatures
released along with this content. Customers are requested to change the level /
reaction-type of below Signatures based on their requirement.
• Signature 6116: Mimikatz LSASS Suspicious Memory Read
• Signature 6117: Mimikatz LSASS Suspicious Memory DMP Read
